problem with cisco 827 and cisco vpn client 3.6.3A

Discussion in 'Cisco' started by Beppe, Jul 8, 2003.

  1. Beppe


    Hi all,
    I'm trying to connect, using IPsec, a W2k PC on which Cisco VPN Client 3.6.3A is installed to a Cisco 827 router (IOS version 122-8.YJ). Is it possible to do so?
    The router already has two IPsec connections to two other 827s, and they work well.
    Now I'm trying to add the above setup by configuring the router (see the running-config below).

    The Cisco VPN client points to the Loopback0 interface (111.111.111.111). The authentication works: I enter the username and password when requested and the connection becomes operative, but in the status on the VPN client I see secure connections 10.0.0.0 255.255.255.0 and the Loopback0 public IP address (e.g. 80.21.25.36 255.255.255.255), and in the other LAN routes, nothing... Why?
    I want my VPN client to see the internal LAN 10.0.0.0, but if I try to ping the e0 interface on the router or another PC client on the LAN, it doesn't work.
    I've also selected "Allow Local LAN Access" in the Cisco VPN client properties, with no result, because in the VPN client status I still see Local LAN access disabled...
    I don't know why.
    Can anyone suggest something I can do to solve it?
    Any idea is welcome.
    Regards,
    Beppe

    Running-config (all the public addresses are fictitious)
    !
    version 12.2
    !
    aaa new-model
    !
    !
    aaa authentication login userauthen local
    aaa authorization network groupauthor local
    aaa session-id common
    !
    username xxxxx password x xxxxxxxxxxxxxxxxx
    !
    !
    crypto isakmp policy 3
     encr 3des
     authentication pre-share
     group 2
    !
    crypto isakmp policy 10
     hash md5
     authentication pre-share
    crypto isakmp key xyz address 212.212.212.212
    crypto isakmp key abc address 213.213.213.213
    !
    crypto isakmp client configuration group remote-client
     key efg
     pool clientpool
     acl 118
    !
    !
    crypto ipsec transform-set myset1 esp-des esp-md5-hmac
    crypto ipsec transform-set myset2 esp-des esp-md5-hmac
    crypto ipsec transform-set myset3 esp-3des esp-md5-hmac
    !
    crypto dynamic-map dynmap 10
     set transform-set myset3
    !
    !
    crypto map mymap local-address Loopback0
    crypto map mymap client authentication list userauthen
    crypto map mymap isakmp authorization list groupauthor
    crypto map mymap client configuration address respond
    crypto map mymap 10 ipsec-isakmp
     set peer 212.212.212.212
     set transform-set myset1
     match address 115
    crypto map mymap 20 ipsec-isakmp
     set peer 213.213.213.213
     set transform-set myset2
     match address 116
    crypto map mymap 30 ipsec-isakmp dynamic dynmap
    !
    !
    !
    !
    interface Loopback0
     ip address 111.111.111.111 255.255.255.248
     ip nat outside
     crypto map mymap
    !
    interface Ethernet0
     ip address 10.0.0.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat inside
     no ip route-cache
     ip tcp adjust-mss 1400
     no ip mroute-cache
     no keepalive
     no cdp enable
     hold-queue 100 out
    !
    interface ATM0
     no ip address
     no ip route-cache
     no ip mroute-cache
     no atm ilmi-keepalive
     dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
     ip address 123.123.123.123 255.255.255.252
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat outside
     no ip route-cache
     no ip mroute-cache
     pvc 8/35
      oam-pvc manage
      oam retry 5 5 1
      encapsulation aal5snap
     !
     crypto map mymap
    !
    ip local pool clientpool 10.0.2.1 10.0.2.254
    ip nat pool natted 111.111.111.112 111.111.111.112 prefix-length 29
    ip nat inside source route-map nonat pool natted overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 ATM0.1
    no ip http server
    ip pim bidir-enable
    !
    !
    access-list 115 permit ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
    access-list 116 permit ip 10.0.0.0 0.0.0.255 10.188.58.128 0.0.0.63
    access-list 117 deny ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
    access-list 117 deny ip 10.0.0.0 0.0.0.255 10.188.58.128 0.0.0.63
    access-list 117 deny ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255
    access-list 117 permit ip 10.0.0.0 0.0.0.255 any
    access-list 118 permit ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255
    no cdp run
    !
    route-map nonat permit 10
     match ip address 117
    !
    radius-server retransmit 3
    !
    line con 0
     exec-timeout 0 0
     stopbits 1
    line vty 0 4
     exec-timeout 120 0
     password XXXXXXXXXXXXXXXX
     length 0
    !
    scheduler max-task-time 5000
    end
     
    Beppe, Jul 8, 2003
    #1